<div dir="auto"><div>Thanks for the info</div><div dir="auto"><br></div><div dir="auto"># Is there any need for middleware software if I use dtap (dnstap favoured), following from GitHub?</div><div dir="auto"><br></div><div dir="auto"><a href="https://github.com/mimuret/dtap#kafka">https://github.com/mimuret/dtap#kafka</a><br></div><div dir="auto"><br></div><div dir="auto">And also configure the following:</div><div dir="auto"><h3 style="margin-top:24px;margin-bottom:16px;font-size:1.25em;line-height:1.25;color:rgb(36,41,46);font-family:-apple-system,blinkmacsystemfont,'segoe ui',helvetica,arial,sans-serif,'apple color emoji','segoe ui emoji';background-color:rgb(255,255,255)">Kafka</h3><p style="margin-top:0px;margin-bottom:16px;color:rgb(36,41,46);font-family:-apple-system,blinkmacsystemfont,'segoe ui',helvetica,arial,sans-serif,'apple color emoji','segoe ui emoji';font-size:16px;background-color:rgb(255,255,255)">Flatten the DNSTAP message and forward it to the Kafka host.</p><pre style="font-family:sfmono-regular,consolas,'liberation mono',menlo,monospace;font-size:13.6px;margin-top:0px;margin-bottom:16px;padding:16px;line-height:1.45;border-radius:6px;color:rgb(36,41,46)"><code style="font-family:sfmono-regular,consolas,'liberation mono',menlo,monospace;padding:0px;margin:0px;border-radius:6px;border:0px;display:inline;line-height:inherit">[[OutputKafks]]
Hosts = ["kafka.example.jp:9092"]
Topic = "dnstap_message"</code></pre></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"># The dataflow will be as follows:</div><div dir="auto">DNS message ---> dnstap ---> middleware ---> Kafka producer connector ---> Kafka streaming ---> Kafka consumer connector ---> debezium connector ---> timescaledb (postgresql favoured)</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Regards</div><div dir="auto">Michael Chisina<br><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Wed, Jan 13, 2021, 5:27 PM Brian Candler &lt;<a href="mailto:b.candler@pobox.com" target="_blank" rel="noreferrer">b.candler@pobox.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>On 13/01/2021 14:58, Michael Chisina
via Pdns-users wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">I want to frame stream powerdns recursor DNS
query and response using dnstap to an apache kafka remote server
(202.20.20.1). </div>
<div dir="auto"># what are the configurations needed on recursor?</div>
</blockquote>
<p>dnstap doesn't talk to kafka.</p>
<p>You'll need to run some middleware software which accepts <a href="https://dnstap.info/" rel="noreferrer noreferrer" target="_blank">dnstap</a>-formatted
messages, and writes them to kafka - which could be in raw dnstap
form, or decoded into some other form (e.g. JSON). Google "dnstap
kafka" for some options, or write your own.<br>
</p>
<p>Then you configure pdns-recursor to send dnstap messages to this
middleware server.</p>
<p>If you run the middleware on the same server as pdns-recursor,
then they can communicate over a unix domain socket. If you want
to communicate to a remote server over TCP, then you will need a
sufficiently new version of libfstrm which supports this. In
practice this means that if you are using Ubuntu then you need
20.04 not 18.04. See this thread:</p>
<p><a href="https://mailman.powerdns.com/pipermail/pdns-users/2020-June/026724.html" rel="noreferrer noreferrer" target="_blank">https://mailman.powerdns.com/pipermail/pdns-users/2020-June/026724.html</a><br>
</p>
<p><br>
</p>
<blockquote type="cite">
<div dir="auto"># what is dns message schema(s) format for the
database creation?</div>
</blockquote>
<p>kafka isn't a database. If you want to write these messages to a
database, then that's an additional step. You'll need some more
software which reads messages from kafka, decodes them, and writes
to a database in some schema that you define. Beware that a busy
recursor can generate a very large volume of messages, so you
might want to aggregate them first.<br>
</p>
<p>HTH,</p>
<p>Brian.<br>
</p>
</div>
</blockquote></div></div></div>
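<p>Added example, not part of the thread and not code from dtap or PowerDNS: the aggregation step suggested in the quoted reply, applied to decoded messages read from Kafka before they are written to a database. The JSON field names (<code>ts</code>, <code>type</code>, <code>client</code>, <code>qname</code>, <code>qtype</code>, <code>rcode</code>) and the sample messages are assumptions constructed for illustration; map them to whatever your decoder actually emits.</p>

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input: one JSON object per Kafka message, as a decoder
# might emit after flattening dnstap. Field names are assumed, not dtap's.
SAMPLE_MESSAGES = [
    '{"ts":"2021-01-13T15:27:03Z","type":"CLIENT_QUERY","client":"192.0.2.10","qname":"example.com.","qtype":"A"}',
    '{"ts":"2021-01-13T15:27:03Z","type":"CLIENT_RESPONSE","client":"192.0.2.10","qname":"Example.com.","qtype":"A","rcode":"NOERROR"}',
    '{"ts":"2021-01-13T15:27:41Z","type":"CLIENT_RESPONSE","client":"192.0.2.10","qname":"example.com.","qtype":"A","rcode":"NOERROR"}',
    '{"ts":"2021-01-13T15:28:05Z","type":"CLIENT_RESPONSE","client":"192.0.2.10","qname":"example.com.","qtype":"A","rcode":"NOERROR"}',
    '{"ts":"2021-01-13T15:28:09Z","type":"CLIENT_RESPONSE","client":"192.0.2.11","qname":"nxd.example.net.","qtype":"AAAA","rcode":"NXDOMAIN"}',
    '{"ts":"2021-01-13T15:28:10Z","type":"CLIENT_RESP',  # truncated message
]


def bucket_start(ts, seconds=60):
    """Round an ISO-8601 UTC timestamp down to the start of its time bucket."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    epoch = int(t.timestamp())
    start = datetime.fromtimestamp(epoch - epoch % seconds, timezone.utc)
    return start.strftime("%Y-%m-%dT%H:%M:%SZ")


def aggregate(messages, seconds=60):
    """Return (rows, rejected): one (bucket, client, qname, qtype, rcode, count)
    row per distinct key, plus the number of messages that failed to parse."""
    counts, rejected = Counter(), 0
    for raw in messages:
        try:
            m = json.loads(raw)
            if m["type"] != "CLIENT_RESPONSE":
                continue  # count each lookup once, on its response
            # DNS names are case-insensitive; normalise so keys collapse.
            qname = m["qname"].lower().rstrip(".") or "."
            key = (bucket_start(m["ts"], seconds), str(m["client"]),
                   qname, str(m["qtype"]), str(m["rcode"]))
            counts[key] += 1
        except (ValueError, KeyError, TypeError, AttributeError):
            rejected += 1  # tally bad input so data loss stays visible
    return [key + (n,) for key, n in sorted(counts.items())], rejected


if __name__ == "__main__":
    rows, rejected = aggregate(SAMPLE_MESSAGES)
    for row in rows:
        print(row)
    print("rejected:", rejected)
```

<p>Each returned tuple maps to one row of a table you define yourself; widening <code>seconds</code> or dropping <code>client</code> from the key reduces row volume further at the cost of per-host detail.</p>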